Page 4 of 71 results (0.013 seconds)

CVSS: 9.0EPSS: 96%CPEs: 26EXPL: 8

CVE-2021-40438 – Apache HTTP Server-Side Request Forgery (SSRF)

https://notcve.org/view.php?id=CVE-2021-40438

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. Un uri-path diseñado puede causar que mod_proxy reenvíe la petición a un servidor de origen elegido por el usuario remoto. Este problema afecta a Apache HTTP Server versiones 2.4.48 y anteriores A Server-Side Request Forgery (SSRF) flaw was found in mod_proxy of httpd. This flaw allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. • https://github.com/sixpacksecurity/CVE-2021-40438 https://github.com/xiaojiangxl/CVE-2021-40438 https://github.com/Kashkovsky/CVE-2021-40438 https://github.com/sergiovks/CVE-2021-40438-Apache-2.4.48-SSRF-exploit https://github.com/BabyTeam1024/CVE-2021-40438 https://github.com/gassara-kys/CVE-2021-40438 https://github.com/Cappricio-Securities/CVE-2021-40438 https://github.com/pisut4152/Sigma-Rule-for-CVE-2021-40438-exploitation-attempt https://cert-portal.siemens.com/productcert/pdf/ • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0

CVE-2021-39275 – ap_escape_quotes buffer overflow

https://notcve.org/view.php?id=CVE-2021-39275

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. la función ap_escape_quotes() puede escribir más allá del final de un buffer cuando se le da una entrada maliciosa. Ningún módulo incluido pasa datos no confiables a estas funciones, pero los módulos externos o de terceros pueden hacerlo. Este problema afecta a Apache HTTP Server versiones 2.4.48 y anteriores An out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function. • https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf https://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fc • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0

CVE-2021-36160 – mod_proxy_uwsgi out of bound read

https://notcve.org/view.php?id=CVE-2021-36160

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). Una uri-path de petición cuidadosamente diseñada puede causar que la función mod_proxy_uwsgi lea por encima de la memoria asignada y se bloquee (DoS). Este problema afecta a Apache HTTP Server versiones 2.4.30 a 2.4.48 (incluyéndola) An out-of-bounds read in mod_proxy_uwsgi of httpd allows a remote unauthenticated attacker to crash the service through a crafted request. The highest threat from this vulnerability is to system availability. • http://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E https://lists.apache.org/thread.html/r73260f6ba9fb52e43d860905fc90462ba5a814afda2d011f32bbd41c%40%3Cbugs.httpd.apache.org%3E https://lists.apache • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0

CVE-2021-34798 – NULL pointer dereference in httpd core

https://notcve.org/view.php?id=CVE-2021-34798

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. Unas peticiones malformadas pueden causar que el servidor haga desreferencia a un puntero NULL. Este problema afecta a Apache HTTP Server versiones 2.4.48 y anteriores A NULL pointer dereference in httpd allows an unauthenticated remote attacker to crash httpd by providing malformed HTTP requests. The highest threat from this vulnerability is to system availability. • http://httpd.apache.org/security/vulnerabilities_24.html https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf https://kc.mcafee.com/corporate/index?page=content&id=SB10379 https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E • CWE-476: NULL Pointer Dereference •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2021-34558 – golang: crypto/tls: certificate of wrong type is causing TLS client to panic

https://notcve.org/view.php?id=CVE-2021-34558

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. El paquete crypto/tls de Go versiones hasta 1.16.5, no afirma apropiadamente que el tipo de clave pública en un certificado X.509 coincida con el tipo esperado cuando se hace un intercambio de claves basado en RSA, permitiendo a un servidor TLS malicioso causar el pánico en un cliente TLS A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected. • https://golang.org/doc/devel/release#go1.16.minor https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BA7MFVXRBEKRTLSLYDICTYCGEMK2HZ7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XBQUFVI5TMV4KMKI7GKA223LHGPQISE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BTC3JQUASFN5U2XA4UZIGAPZQBD5JSS https:/&# • CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation •